Red Flag Rules

On October 31, 2007, a joint committee of the OCC, Federal Reserve Board, FDIC, OTS, NCUA and the Federal Trade Commission passed the final legislation for Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), also known as the Identity Theft Red Flags and Notices of Address Discrepancy or “Red Flags Rule.” The rule requires that all organizations subject to the legislation must develop and implement a formal, written and revisable “Identity Theft Prevention Program” (Program) to detect, prevent and mitigate identity theft.

The enforcement date of the Red Flags Rule has been delayed numerous times by the Federal Trade Commission (FTC), in part due to concerns over the broad scope of the rule. In response, Congress has passed the Red Flag Program Clarification Act of 2010, which narrowed the definition of “creditor” that is used to determine entities covered by the rule. The Red Flags Rule went in to effect on December 31, 2010 and will now be enforced by the FTC under the most recent amendment.

To assist affected organizations, Kroll Fraud Solutions developed a comprehensive Red Flags Rule Compliance Program. In addition to this Red Flags Rule FAQ, Kroll's Program offers a customizable Program template, as well as an employee training guide, to help your organization towards compliance with this legislation.